Description
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
References
- Release Notes, Vendor Advisory
- Third Party Advisory
- Release Notes, Vendor Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: Version before 8.1.1 (excluding)
cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
EPSS: 0.00147 (Low), percentile: 35%
CVSS3: 6.5 Medium
CVSS2: 4.3 Medium
Weaknesses
CWE-1333
Related vulnerabilities
CVSS3: 6.5
ubuntu
almost 5 years ago
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
CVSS3: 7.5
redhat
almost 5 years ago
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
CVSS3: 6.5
debian
almost 5 years ago
An issue was discovered in Pillow before 8.1.1. The PDF parser allows ...
CVSS3: 6.5
github
almost 5 years ago
Regular Expression Denial of Service (ReDoS) in Pillow